Bibliographic Details
Main Authors: Hirano, Manabu, Kobayashi, Ryotaro
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2508.08656
author Hirano, Manabu
Kobayashi, Ryotaro
contents Protecting state-of-the-art AI-based cybersecurity defense systems from cyber attacks is crucial. Attackers create adversarial examples by adding small changes (i.e., perturbations) to the attack features to evade or fool the deep learning model. This paper introduces the concept of low-level behavioral adversarial examples and its threat model of evasive ransomware. We formulate the method and the threat model to generate the optimal source code of evasive malware. We then examine the method using the leaked source code of Conti ransomware with the micro-behavior control function. The micro-behavior control function is our test component to simulate changing source code in ransomware; ransomware's behavior can be changed by specifying the number of threads, file encryption ratio, and delay after file encryption at the boot time. We evaluated how much an attacker can control the behavioral features of ransomware using the micro-behavior control function to decrease the detection rate of a ransomware detector.
format Preprint
id arxiv_https___arxiv_org_abs_2508_08656
institution arXiv
publishDate 2025
record_format arxiv
title Evasive Ransomware Attacks Using Low-level Behavioral Adversarial Examples
topic Cryptography and Security
url https://arxiv.org/abs/2508.08656